ipv4 run out and transitioning to ipv6 marco hogewoning trainer, ripe ncc
TRANSCRIPT
Presenter Name, Date 2
IPv4 Distribution
IANA
7,000 LIRs
APNICAfriNIC LACNICRIPE NCCARIN
End Users
IANA 3 February 2011
APNICAfriNIC LACNICRIPE NCCARIN ?
15 April 2011
Presenter Name, Date 3
IPv4 Reserves at RIPE NCC
Amount of IPv4 addresses (million),includes the final /8
Presenter Name, Date 4
IPv4 Exhaustion Phases
time
IANA pool exhauste
d
IPv4 still available. RIPE NCC
continues normal operation
Each of the 5 RIRs received
a/8
RIPE NCC reaches final /8
Final /8 policy triggered
RIPE NCC pool
exhausted
RIPE NCC can only distribute IPv6
now
Presenter Name, Date 5
Business As Usual
• As long as there are IPv4 addresses left, the RIPE NCC will keep on distributing them, based on justified need
• Same allocation and assignment policies still apply (RIPE-509)
• Until the final /8 is reached
Presenter Name, Date 6
“Run Out Fairly”
• Gradually reduced allocation and assignment periods
• Needs for “Entire Period” of up to... – 12 months (January 2010)
– 9 months (July 2010)
• 6 months (January 2011)
– 3 months (July 2011)
• 50% has to be used up by half-period
Presenter Name, Date 7
Final /8 Policy
• Each LIR can get one /22 allocation– 1024 IPv4 addresses
– New and existing members
– As long as supplies will last
• You must meet the criteria for an (additional) allocation
• Only when you already have IPv6 addresses
Presenter Name, Date 8
Transfer of IPv4 Allocations
• LIRs can transfer IPv4 address blocks:– To another LIR
– Only when the block is not in use
– Meets minimum allocation size (/21)
• Requests are evaluated by the RIPE NCC– Justified need
• Registered in the RIPE Database
Presenter Name, Date 9
No Changes Yet
• At the moment the RIPE NCC continues normal operations
• Policy will only change when the RIPE NCC’s final /8 is reached
• Be aware of the shorter assignment period!
• And start deploying IPv6 now!
Presenter Name, Date 11
There Was a Plan
• Originally it was planned that the deployment of IPv6 would take place before the IPv4 free pool would have been exhausted
• At this moment the whole Internet should have been Dual Stacked
• Unfortunately this is not the case
Presenter Name, Date 12
Solving Two Problems
• Maintaining connectivity to IPv4 hosts by sharing IPv4 addresses between clients– Extending the address space with NAT/CGN/LSN
– Translating between IPv6 and IPv4
• Provide a mechanism to connect to the emerging IPv6-only networks– Tunnelling IPv6 packets over IPv4-only networks
Presenter Name, Date 13
Network Address Translation
• Extends the capacity of the IPv4 address space by sharing an IPv4 address between clients
• Fairly common technology, used everywhere
• Breaks the end to end connectivity model• It doesn’t allow communication with IPv6!• You are probably going to need it in some
form
Presenter Name, Date 14
Other Challenges With NAT
• Does it scale?– How many users can share a single address?
• Do you know who is talking?– In case of abuse complaints
– What about lawful interception
• Logs will grow huge– Data retention?
Presenter Name, Date 15
Transitioning Techniques
• Most of them use ‘tunnels’– Put X in Y (IPv6 in IPv4)
• The end point has both protocols• And the network in between doesn’t• Requires assistance in the form of so
called ‘tunnel servers’– ‘Bridge’ between the 2 worlds
– Unpacking and repacking the data
Presenter Name, Date 16
Tunnelling Options
• Well known: 6in4, 6to4, Teredo, 6RD, TSP• These all come with drawbacks:
– MTU gets lower, this can cause issues
– Security gets more complicated
– Some use anycast, where does your traffic go?
– Depending on third parties
– Does it really scale?
• Your mileage may vary
Presenter Name, Date 17
Translation (NAT64/DNS64)
• Alternative solution translate IPv6 into IPv4• Customer will only get one protocol (IPv6)• Translator box sits in between
– Talks to both IPv4 and IPv6
– Shares a pool of IPv4 addresses
• Requires fiddling with DNS– Capture all queries
– Replace IPv4 answers with crafted IPv6 addresses
Presenter Name, Date 18
Drawbacks of Translation
• Clients are not aware there is another protocol
• DNSsec will break• Again you are sharing IPv4 addresses
– Who is talking?
– Can you really keep track of what happens?
• Does it really scale?
Presenter Name, Date 19
Conclusion
• Multiple solutions exist and more are being developed as we speak
• If you need an intermediate solution, choose wisely which one to deploy
• These are all temporary solutions for a permanent problem
• Dual Stack wherever you can!
Presenter Name, Date 21
IPv6 RIPEness
• Rating system:– One star if the member has an IPv6 allocation
– Additional stars if:
- IPv6 Prefix is visible on the internet
- A route6 object is in the RIPE Database
- Reverse DNS is set up
– A list of all 4 star LIRs: http://ripeness.ripe.net/
Presenter Name, Date 26
A Different Approach
• IPv6 RIPENess only looks at members• What about the other networks?• Measurements per ASN
– How many networks advertise IPv6?
• Try it yourself http://v6asns.ripe.net
Presenter Name, Date 28
More Information
• http://www.ipv6actnow.org• http://ripeness.ripe.net• http://v6asns.ripe.net
• Mailing list:– http://www.menog.net/menog/mailing-list
– http://www.ripe.net/ripe/mail/wg-lists/ipv6-working-group